The SOFTWARE ARCHITECTURE FOR ACCESS CONTROL BASED ON HIERARCHICAL CHARACTERISTICS generally relates to computer implemented access control, and more particularly, relates to a software architecture for controlling object access to a resource by utilizing multiple object characteristics.
Access to resources such as software applications, web services, physical containers or even facilities is becoming increasingly difficult to manage via access control lists (ACLs) or group policies. An “Object” typically represents a person or thing seeking resource access. ACLs usually grant resource access by evaluating an object's name or unique identifier and comparing it to a pre-approved list. If an object such as a user is re-assigned, changes clearance or is promoted, access to resources should also change. Currently, ACL resource managers (RMs) must evaluate personnel records to determine resource access. Such a task can become time-consuming and inefficient as the number of personnel and resources within an organization grows. Limited access to personnel records by RMs could compound the problem.
Another limitation with ACLs and Groups is their inability to accurately and quickly respond to constantly changing environmental statuses. Homeland Security and regional Information Assurance (IA) agencies are authorized to impose security levels (environmental conditions) within their jurisdiction. Access to a wide range of resources by many objects should be affected at the precise time a security level (environmental status) changes. Sudden changes in security conditions may not allow sufficient time to modify an ACL or Group, thereby creating possible security breaches through unauthorized resource access. Finer granularity of resource access may be required during certain security conditions.
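The two limitations above (a re-assigned user whose ACL entry is not updated, and an environmental security level that changes faster than an ACL can be edited) can be made concrete with a small comparison. The following is an added example, not code from the original text or from the architecture it describes: it evaluates a static name-based ACL next to a policy that decides on object characteristics (clearance, department) and the current environmental status. The subject names, departments, clearance numbers and the three security levels are constructed values chosen for illustration.

```python
"""Static ACL versus characteristic-based access decision under a changing
environmental security level.  All names, levels and thresholds below are
constructed for illustration (hypothetical, not from the original text)."""
from dataclasses import dataclass, replace

# Ordered environmental statuses, lowest to highest (constructed values).
SECURITY_LEVELS = ("NORMAL", "ELEVATED", "HIGH")


@dataclass(frozen=True)
class Subject:
    """The 'object' seeking access, described by characteristics, not only a name."""
    name: str
    clearance: int          # numeric clearance taken from personnel records
    department: str


@dataclass(frozen=True)
class Resource:
    name: str
    acl: frozenset          # classic ACL: pre-approved subject names
    department: str         # characteristic the resource is scoped to
    min_clearance: dict     # environmental status -> minimum clearance required


def acl_allows(resource: Resource, subject: Subject) -> bool:
    """ACL check: identity only; blind to characteristics and environment."""
    return subject.name in resource.acl


def characteristic_allows(resource: Resource, subject: Subject, env_level: str) -> bool:
    """Characteristic check, evaluated at request time against the current
    environmental status, so no list has to be edited when either changes."""
    if env_level not in SECURITY_LEVELS:
        raise ValueError(f"unknown security level: {env_level}")
    required = resource.min_clearance[env_level]
    return subject.department == resource.department and subject.clearance >= required


def compare_policies(env_level: str) -> dict:
    """Run both policies over a constructed scenario; return per-subject decisions."""
    archive = Resource(
        name="incident-archive",
        acl=frozenset({"alice", "bob"}),          # ACL as originally approved
        department="ops",
        min_clearance={"NORMAL": 1, "ELEVATED": 2, "HIGH": 3},
    )
    alice = Subject("alice", clearance=3, department="ops")
    bob = Subject("bob", clearance=1, department="ops")
    # bob is re-assigned to another department; his ACL entry is never revised
    bob_reassigned = replace(bob, department="finance")
    subjects = {"alice": alice, "bob": bob, "bob_reassigned": bob_reassigned}
    return {
        label: {
            "acl": acl_allows(archive, s),
            "characteristic": characteristic_allows(archive, s, env_level),
        }
        for label, s in subjects.items()
    }


if __name__ == "__main__":
    for level in SECURITY_LEVELS:
        print(level, compare_policies(level))
```

Under NORMAL both policies agree for alice and bob, but the re-assigned bob is still granted by the ACL while the characteristic check denies him. When the status rises to HIGH, the ACL grants bob unchanged, whereas the characteristic check denies anyone below clearance 3 the moment the level is evaluated, without any list being rewritten.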